Problem with MSCHAP and Freeradius authentication

[Fajar A. Nugraha]

On Sat, Jan 21, 2012 at 11:14 PM, Dhiraj Gaur <dhiraj.gaur at gmail.com> wrote:
> The version of radtest on my system doesnt support the -t option, hence even after doing radtest -h I could not find anything. I settled for jradius client to achieve the same effect already.

It doesn't really matter which client you use, IF you're
familiar-enough with it and know how to use it. However, your posted
log still shows you use pap. So that either means:
- you don't know how to send mschap request using that client, or
- you haven't got pap working correctly, or
- you don't know the difference between pap and mschap
- you posted the wrong debug output

which is it?

>  Have tried upgrading the package but its already in the latest version.

You could always compile from source, or build your own package.

If you use debian or ubuntu my ppa has the latest stable freeradius
version: https://launchpad.net/~freeradius/+archive/stable
Lucid version should fit debian installations just fine.

> The PAP things is already working fine as I mentioned earlier and have followed every bit of Alans guide. Would redo the things again if it works.

I take your word for it

>
>>
>> - Also on Alan's page, there's the section 'Configuring FreeRADIUS to
>> use ntlm_auth for MS-CHAP'. That pretty much answers the last part of
>> your question, but ONLY if you already got pap working properly.
>
>
>
> Attaching the inner tunnel and default file, please go through the same and point out if something is amiss.....

Re-read that section, and do what it says. If you do it correctly, AND
send mschap request (using whatever client you're familiar with),
there should be NO debug line that says "ntlm_auth" with
"User-Password" together. That's because mschap does NOT send
User-Password attribute, and the ntlm_auth line is adjusted
accordingly per instructions on the site.

If you STILL have problems after doing that, post the updated debug logs.

-- 
Fajar